There are several types of errors Plesk admins and users alike regularly deal with. One of them is the Incorrect TXT Record Error. It usually occurs in Plesk or in the mailbox within an email. The TXT Record Error looks something like this:
The main reason why this error occurs is because someone or something like stopped the local DNS service, which is found at Settings > Service Management.
When the service is abruptly stopped, the TXT record for _acme-challenge.example.com cannot be generated automatically.
To fix this error, here are the steps you need to follow:
Code:
Error: Could not issue a Let’s Encrypt SSL/TLS certificate for example.com.
Authorization for the domain failed.
Details Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz/9_fD4pJYnd6o4DNUxbG0WNtYOOm-G6TeHcz8TN1K9f4. Details: Type: urn:ietf:params:acme:error:unauthorized
Status: 403
Detail: Incorrect TXT record “Rq5AN5tnNTHnUNfh2byBWzDZNePjIOcSJDMJYK0ku6A” found at _acme-challenge.example.comWhen the service is abruptly stopped, the TXT record for _acme-challenge.example.com cannot be generated automatically.
To fix this error, here are the steps you need to follow:
- Log into Plesk
- Navigate into Tools & Settings >> Services Management.
- Start the DNS service (presuming that it has stopped)
- Now, navigate into Domains >> example.com >> SSL/TLS Certificates.
- Click on Reissue Certificate option
- Once you get the following message, check to see if the TXT record gets resolved externally:
- This can be checked via ssh with the command dig TXT _acme-challenge.example.com +short
- If not, then you need to add the record to external DNS server. Also, you need to remove the existing acme-challenge records
- Now get back to the Plesk screen and reload
